Wallets and Staying Secure

Estimated read time: 11 min

In November 2022, the crypto exchange FTX collapsed. Within days, it became clear that billions in customer funds were gone. People who had bought Bitcoin through FTX, and left it sitting in their FTX account, lost everything. People who had withdrawn their Bitcoin to a wallet they controlled, lost nothing.

That distinction — a wallet you control versus an account someone else controls — is the single most important concept in Bitcoin security. This chapter explains it clearly.

What is a Bitcoin Wallet?

A common misconception: a Bitcoin wallet holds your Bitcoin. It does not.

Your Bitcoin never leaves the blockchain. What a wallet holds is your private key — the mathematical proof that you are authorized to spend specific coins on the blockchain.

Think of it this way: Bitcoin on the blockchain is like a safety deposit box at a bank vault. The Bitcoin sits in the vault (the blockchain). Your wallet holds the key. Without the key, you cannot open the box. With the key, you can. The box does not move — only the key matters.

This distinction matters enormously. When you keep coins on an exchange, you do not hold the key. The exchange does. You have an account with a balance, not actual Bitcoin. When you move your coins to a wallet you control, you receive the private key. Now you own the Bitcoin directly, with no intermediary between you and it.

"Not your keys, not your coins" is one of the most repeated phrases in the Bitcoin world. It is not just a slogan. It is a description of how ownership actually works.

Hot Wallets vs Cold Wallets

Bitcoin wallets are generally divided into two categories based on whether they are connected to the internet.

Hot wallets are connected to the internet. They live on your phone, your computer, or a browser extension. They are convenient — opening your wallet to make a payment takes seconds. This convenience comes with a trade-off: anything connected to the internet is potentially reachable by an attacker.

Hot wallets are appropriate for amounts you are comfortable losing, roughly equivalent to the cash in your physical wallet. If you would carry CHF 200 in your pocket without anxiety, a hot wallet holding CHF 200 worth of Bitcoin is a reasonable risk.

Cold wallets (also called cold storage) are not connected to the internet. They store your private key on a device that has never been online, or only connects briefly and in a controlled way to sign transactions. A hardware wallet is the most common form of cold storage.

Cold wallets are appropriate for savings — any amount you would not want to lose and do not need immediate access to. If you are holding CHF 5,000 or more in Bitcoin, or any amount you consider significant to your financial situation, cold storage is the right choice.

The simple rule: hot for spending, cold for saving. Many experienced Bitcoin holders keep a small hot wallet for daily use and a hardware wallet for the bulk of their holdings, just as they might carry a small amount of cash while keeping savings in a bank account — except with Bitcoin, the bank is you.

How to Choose a Wallet

The first decision is custodial vs non-custodial.

A custodial wallet is one where a company holds your private keys on your behalf. Exchange accounts are custodial. So are most beginner-friendly apps that handle the keys for you in the background. They are convenient, but they reintroduce counterparty risk — the very thing Bitcoin is designed to eliminate.

A non-custodial wallet gives you direct control of your private keys. You generate them. You store the seed phrase. No company can freeze your funds or lose them in a hack. The trade-off is responsibility: if you lose the seed phrase, there is no one to call.

For Bitcoin specifically, non-custodial is strongly recommended for any amount above what you would consider disposable.

For beginners with small amounts (under CHF 500): A simple non-custodial mobile wallet is a reasonable starting point. Well-regarded options include Phoenix Wallet (Lightning-focused), Blue Wallet, and Muun. These generate a seed phrase you control and are straightforward to use.

For larger amounts: A hardware wallet is the standard recommendation. Hardware wallets are dedicated physical devices — similar in size to a USB drive — that store your private key offline. They sign transactions internally, meaning the key never touches your internet-connected phone or computer. Well-established options include:

Ledger (based in France, widely used across Europe, connects via USB or Bluetooth) Trezor (based in the Czech Republic, fully open-source hardware and software) Coldcard (Canadian company, considered the most security-focused option, aimed at advanced users)

All three are available directly from their manufacturers. Always buy hardware wallets directly from the manufacturer or a verified retailer — never second-hand or from unknown online sellers, as tampered devices have been used to steal funds.

What is a Seed Phrase?

When you set up any non-custodial wallet, the wallet generates a seed phrase: a list of 12 or 24 ordinary English words in a specific order.

Examples of words: abandon, able, about, above, absent, absorb — the actual words are random and specific to your wallet.

The seed phrase is a human-readable encoding of your private key. It contains everything needed to reconstruct your wallet on any compatible device. If your phone is stolen, your laptop breaks, or your hardware wallet is lost, you can enter your seed phrase into a new device and recover full access to your Bitcoin.

This makes the seed phrase extraordinarily powerful — and extraordinarily dangerous to lose or share.

If someone else gets your seed phrase, they own your Bitcoin. There is no grace period. No support line. An attacker who has your seed phrase can drain your wallet within seconds from anywhere in the world. This is why phishing scams specifically target seed phrases — one moment of inattention and the damage is done.

Guard your seed phrase as if it were the only key to a vault containing your life savings. Because for those who use Bitcoin seriously, it is.

How to Store a Seed Phrase Safely

Write it down by hand, on paper. Do not photograph it. Do not type it into a phone or computer. Do not email it to yourself. Do not store it in a password manager or cloud service. These are all digital surfaces that can be compromised.

Keep two physical copies in two separate locations. If your apartment burns down or floods, you need a backup somewhere else — a family member's home, a bank safe deposit box, or a secure location you trust.

Consider a metal backup. Paper can burn. Metal does not. Devices such as Bilodeau or Cryptosteel let you stamp or engrave your seed words onto stainless steel. For a hardware wallet holding several thousand francs, this is a worthwhile CHF 50–100 investment.

Never enter your seed phrase on a website. No legitimate wallet, exchange, or support service will ever ask for your full seed phrase online. Any site that does is attempting to steal it.

What Happens if You Lose Your Wallet or Seed Phrase?

This is one of the scenarios that worries newcomers most. The answer is straightforward:

Lose your device but still have the seed phrase: You are fine. Buy a new device, install the wallet software, enter your seed phrase, and your Bitcoin is accessible immediately. Your coins were never on the old device — they were on the blockchain. The seed phrase is what matters.

Lose the seed phrase but still have the device: You can still access your Bitcoin as long as the device works. But do not wait. Generate a new wallet, transfer your coins there, and properly secure the new seed phrase. A broken or lost device with no seed phrase backup means permanent loss.

Lose both the device and the seed phrase: The coins are permanently inaccessible. There is no recovery mechanism. This is why secure backup matters before anything goes wrong.

Share the seed phrase with someone or enter it on a fake site: Assume the coins are gone. Act immediately — if you still have access to the wallet, move coins to a fresh wallet with a new seed phrase before the thief can act.

Security Best Practices

The following habits, consistently applied, will protect the vast majority of Bitcoin holders from the vast majority of threats:

Write your seed phrase on paper, by hand, immediately when setting up a wallet. Never store it digitally.

Keep two physical backups in separate locations. Consider a metal backup for significant holdings.

Use a hardware wallet for any amount you would consider significant. CHF 500 upward is a reasonable personal threshold.

Enable two-factor authentication on exchange accounts you still use. Use an authenticator app, not SMS.

For very high-value holdings, consider multisig: a setup where spending coins requires signatures from two or more separate keys. This eliminates single points of failure. Tools like Sparrow Wallet, Unchained Capital, and Casa support multisig setups for self-custody.

Periodically check that you can still access your seed phrase backup. A recovery phrase written on paper and stored in a box is only useful if you can find and read it when needed.

Setting Up a Hardware Wallet: What to Expect

If you are buying a hardware wallet for the first time, knowing what the setup process looks like will reduce anxiety and prevent mistakes.

When you first power on a Ledger or Trezor device, it generates a new set of private keys internally. It then displays your seed phrase — word by word — on the device's own screen. You write each word down in the order shown. After you have written all 24 words, the device asks you to verify a selection of them to confirm you recorded them correctly.

This is the most important moment in the entire setup process. You are being given the master key to your wallet. Write every word clearly. Check your handwriting. Number the words. Then store the paper in a safe location before doing anything else.

The device will also ask you to set a PIN — a short number code you enter each time you physically use the device. The PIN protects the device from being used by someone who finds or steals it. The PIN is separate from and less important than the seed phrase: if you forget your PIN, you can reset the device and restore from your seed phrase.

Once set up, your hardware wallet connects to your computer or phone through a companion app (Ledger Live or Trezor Suite). These apps show your balances and let you send and receive Bitcoin. The key point: the private key never leaves the hardware device. Even when you broadcast a transaction, the signing happens inside the hardware wallet. Your computer or phone sees only the signed transaction, never the key itself.

Risk Note

Most Bitcoin losses come from user mistakes: lost seed phrases, phishing attacks, and funds left on exchanges that later fail. The Bitcoin protocol itself has never been hacked. Your choices determine your security.

Hardware wallets and secure seed phrase storage eliminate the most common risks. The technology is not difficult to use. The discipline required is simply to set it up properly once, and then store the backup securely.

Reader Takeaway

A wallet holds private keys, not coins. Coins live on the blockchain. Hot wallets offer convenience for small amounts. Cold wallets (hardware wallets) offer security for savings. The seed phrase is the master key to your wallet — guard it with physical copies in secure locations. Most losses are preventable.

Chapter Summary

  • A Bitcoin wallet stores your private keys. Your Bitcoin remains on the blockchain. Whoever holds the keys controls the coins.
  • Hot wallets (connected to the internet) are for small amounts and daily use. Cold wallets (hardware wallets) are for savings and larger amounts.
  • Non-custodial wallets give you direct control. Custodial wallets (exchange accounts) hand control to a company — and introduce counterparty risk.
  • The seed phrase is the human-readable master key to your wallet. Write it on paper. Keep two copies in separate physical locations. Never store it digitally or share it with anyone.
  • Loss of seed phrase with no device = permanent loss. Loss of device with seed phrase = easily recoverable. Protect the seed phrase first.
  • Hardware wallets (Ledger, Trezor, Coldcard) are the standard recommendation for anyone holding significant Bitcoin.

References

  • Antonopoulos, A. Mastering Bitcoin. O'Reilly
  • Bitcoin.org: Choose Your Wallet
  • Ledger Academy: Recovery phrase basics
  • Chainalysis Crypto Crime Report (loss and scam trends)
  • Swiss Financial Market Supervisory Authority (FINMA): guidance on crypto custody

Was this helpful? Continue with the next chapter via the sidebar.

PrevNext